PT-2012-3191 · Cisco · Cisco Unified Ip Phones 9900

Published

2012-05-03

Updated

2017-12-07

CVE-2012-1328

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2

Description The issue is related to the improper handling of configuration information downloads to an RT phone, allowing local users to gain privileges via injected data.

Recommendations For firmware 9.1, update to a version that properly handles configuration information downloads. For firmware 9.2, update to a version that properly handles configuration information downloads. As a temporary workaround, consider restricting access to the configuration download feature until a patch is available.

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2012-1328

Affected Products

Cisco Unified Ip Phones 9900

PT-2012-3191 · Cisco · Cisco Unified Ip Phones 9900

CVE-2012-1328

Weakness Enumeration

Related Identifiers

Affected Products

References · 4